Version 0.12 (2005-03-29)
=========================
- FEATURE: added an '--action' option to execute a program when a
disallowed ARP packet was detected
- MINOR LEGACY BREAKAGE: sorting of IP addresses happens now in an
endian-neutral manner. This can change the behavior in ambiguous
configurations.
- MINOR LEGACY BREAKAGE: support for old logging format was
physically removed from source.
Version 0.11 (2004-12-16)
=========================
- FEATURE: hosts with a certain MAC can be blocked regardless of
the IP. This feature has the syntax '*@' and can be used
e.g. to isolate hosts which are infected by worms or viruses.
- LEGACY BREAKAGE: '--poision --mac 802.3x --direction BOTH' are
now the default options as already announced in version 0.8.
Version 0.10 (2004-06-17)
=========================
- cleaned up the code; take reusable variants for the vector* and
fmt* functions
- fixed compilation with dietlibc 0.26
- LEGACY BREAKAGE: use tai64n timestamps for logging
- LEGACY BREAKAGE: remove the complicated 'minit' run-script; it
is now a symlink and options must be configured in 'params'
manually
Version 0.9 (2003-12-16)
========================
- networks with '@MAC' statements are taking precedence over those
with the same netmask but without such statements. This makes it
possible to declare a pool of MACs within a network with dynamic
IP assignment. This change affects ambiguous configurations only
which would have an undefined behavior in previous versions.
- BUGFIX: requests which are matching negated '@!MAC' statements,
are taking now precedence over later, more general matches
(reported by Sergeev Sergey)
- added workarounds for a bug in dietlibc-0.24's printf()
function (affects testsuite only), and a gcc optimization bug
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=110966)
Version 0.8 (2003-10-31)
========================
Default options/behavior have not been changed yet, but chances
are high that they will become '--poision --mac 802.3x --direction
BOTH'.
- FEATURE: added '--poison' option which enables the generation of
ARP-replies for the ip of intruders when the intruder sends an
ARP-request. When using a negated '@!MAC' syntax, this MAC will be
used for the questionable IP. This option works only, when
'--direction FROM|BOTH' is used. Inspired by ideas of Sergeev
Sergey.
- BUGFIX: in '--direction FROM' mode, ignore 0.0.0.0 automatically
since it is used for duplicate address detection and/or
DHCPDISCOVER messages
- made generated (tha,tpa) arp-parameters RFC826 compliant;
formerly, broadcast-values were used. It will require some testing
to see which version is more effective/working.
- FEATURE: allowed to specify MAC addresses for source-ip
addresses. This makes it possible to disturb intruders which are
using officially assigned IP addresses. This feature has the
syntax 'ip[/mask][@mac]' and takes only effect on packages coming
*from* intruders. Inspired by Mark Pierce.
Version 0.7 (2003-09-09)
========================
NOTE: large parts of the project were touched to implement the new
scheduler. It has been tested extensively, but when you encounter
problems, it is recommended to go back to version 0.6 (after you
reported those problems to me, of course).
Future version will probably default to '--mac 802.3x', '--llmac
LOCAL' and '--direction BOTH'; but the current version uses still
the legacy '--mac RANDOM' and '--direction TO' defaults.
- added comprehensive 'simulate' testsuite-program which prints out
the ether/arp headers which would be generated by the real program
- added '--llmac' option to configure MAC address used in linklevel-
headers when answering a request *from* intruders
- FEATURE: ip-sentinel will answer arp-requests *from* intruders also.
This feature is disabled by default; you can enable it with the new
'--direction FROM/BOTH' cmdline option. Suggested by Mark ZZZ Smith.
- FEATURE: changed from forked worker-processes to one worker
process with an own scheduler; this allows to increase the number
of pending ARP-replies significantly (formerly 40, now 511; see
src/parameters.h) without lowering system performance.
- LEGACY BREAKAGE: enhanced/changed the log-format; when you want
the old one, go into Worker_printJob() in src/worker.c and change
the '#if 0' to '#if 1'. Note that this preprocessor directive can
and will disappear in future versions without explicit warnings.
- FEATURE: a '--mac' option was added which allows to specify the
used mac-address; this option and the config-file understands
special values like '802.1d' or '802.3x'. This was suggested by
Mark ZZZ Smith.
Version 0.6 (2003-08-06)
========================
- FEATURE: support for numeric IP-ranges was added; suggested by
Jon Belanger
- ship minit run-script in contrib/
Version 0.5 (2003-07-15)
========================
- BUGFIX: when having multiple interfaces in the host, ip-sentinel
listened on all ones instead only on this given on the
cmd-line. Thanks to Sergeev Sergey for reporting this.
- enhanced RHL-initscript
Version 0.4 (2003-05-27)
========================
- logging was enhanced
- anti-DOS limits were increased a little bit
- FEATURE: it is allowed to specify a MAC for networks
- build with RH 5.2 was fixed
- a lot of minor cleanups
Version 0.3 (2002-11-27)
========================
- minor code-cleanups
- certain mechanism (anti-DOS, vector-resizing, sliding random
MACs) were documented and parameterized ; see src/parameters.h
for details
- BUGFIX: broken signal-handling with dietlibc was fixed (dietlibc
sets SIG_DFL handler when entering a handler and -- in opposite to
glibc-2.3.1 -- does not restore this value to the handler set with
signal())
- BUGFIX: stupid typo in vector-resize code which caused excessive
memory-consumption was fixed
- testsuite was modified to give more determined results with
different bsort() implementations
Version 0.2 (2002-11-22)
========================
- build-fixes with RH 6.2
- minor build-fixes
- documentation was added
Version 0.1 (2002-11-16)
========================
- initial release